Cyber Threat Intelligence Analyst

Why it's worth it:

Are you interested in producing operational and strategic intelligence products that draw on primary-source information to provide actionable insights into adversary tactics and techniques, malware, and threat campaigns? Joining ReliaQuest's Cyber Threat Intelligence team, you will be an integral part of intelligence operations. This is a great opportunity to put your Security Operations skills to use while conducting cutting-edge threat research, seeking and interpreting restricted intelligence, and delivering intelligence products to a varied audience. If you have a keen interest in broadening your skills, knowledge, and experience within an intelligence environment, this role might be for you.

The everyday hustle:

• Conduct investigations into credible threats including telemetry-focused investigations to map threat campaigns and reveal threat actor TTPs to inform detection and response decision making

• Analyse novel or evolving threats to inform detection research and threat hunting activity

• Write timely, accurate, and relevant actionable intelligence deliverables in a variety of formats-including short, fast-turnaround updates and longer-form reports-covering credible threats such as actors, vulnerabilities, and malware

• Research, write, contribute to, and coordinate external-facing papers, blogs, webinars, and podcasts

• Propose and carry out extended research projects to gather actionable intelligence on the cyber threat landscape

• Follow trends, dynamics, and developments in the cyber threat landscape

• Identify new threat actors or locations and assess their credibility, motivations, and threat level

• Conduct investigations to support customer Requests for Intelligence (RFIs) and produce written deliverables according to agreed parameters

• Liaise with other teams within the Threat Research umbrella to deliver primary-source intelligence to enrich internal telemetry efforts investigating credible threats

• Support Threat Research Team Leadership in ensuring team goals are met

• Meet deadlines and achieve expectations

Do you have what it takes?

• Bachelor's degree in a related field is highly preferable

• Credible experience of working in cyber security and/or cyber threat intelligence with a focus on Security Operations, Digital Forensics and Incident Response (DFIR)

• Hands on experience of raw telemetry investigations, and working with Endpoint Detection and Response (EDR) tools

• Existing knowledge of or deep interest in cyber security

• Experience working in online intelligence investigations and analysis, including good OSINT skills

• Demonstrates a sense of urgency, understands customer needs (internal and external), and is solution-focused

• Strong analytical skills and a demonstrated writing ability

• Understands channels of communication, delivery of information, tone, and attitude in messaging; has an awareness of cultural differences, inclusiveness, and communication barriers

• Can adapt to a fast-moving environment to deliver high-quality intelligence content in a short timeframe

• Comfortable working in cross-functional intelligence teams across different time zones

• A relevant university degree (e.g., Computer Science, Cybersecurity, Languages, International Relations, Political Science), equivalent education, or appropriate professional experience

What makes you uncommon?

• Experience of tactical investigations into threat actor TTPs, malware, and vulnerabilities

• Good understanding of the cyber threat landscape, including threat actor attack methodologies, security postures, and appropriate analytical frameworks (including Cyber Kill Chain, Diamond Model, MITRE ATT&CK)

• Skills in an unusual language e.g., Farsi, Arabic, Turkish (able to read and write)

• Familiarity with open, deep, and dark web cybercriminal marketplaces and forums

• Experience of online HUMINT operations and/or social engineering techniques

• A comfortable public speaker, confident to share ideas and insights both internally and externally

• Awareness of a wide variety of security technologies (e.g., SIEM, EDR)

• Technical understanding/skills, particularly of cyber security offensive and defensive practices

• Knowledge of cyber threat actors and adversary tactics, techniques, and procedures (TTPs)

• Familiarity with structured analytic techniques for intelligence analysis